ModSecurity#
The module adds a connector for using ModSecurity rules. To install the module, use one of the following packages: Angie: Angie PRO: To work with the module, you need to load it in the Specify the Copy the OWASP Core Rule Set for ModSecurity (CRS)
to the Tip Check the latest release number here:
coreruleset/coreruleset In the directory with the core rules,
copy the minimally required ModSecurity configuration examples: Uncomment the Detailed documentation and source code are available at:
owasp-modsecurity/ModSecurity.Installation#
angie-module-modsecurity
angie-pro-module-modsecurity
Loading the Module#
main{}
context:load_module modules/ngx_http_modsecurity_module.so;
Configuration Example#
modsecurity
and modsecurity_rules_file
directives
in the appropriate context, for example server
:server {
modsecurity on;
modsecurity_rules_file /etc/angie/modsecurity/rules.conf;
# ...
}
/var/lib/angie/modsecurity/
directory:$ cd /var/lib/angie/modsecurity/
$ sudo git clone -b v4.1.0 https://github.com/coreruleset/coreruleset
$ sudo cp coreruleset/crs-setup.conf.example coreruleset/crs-setup.conf
$ sudo cp coreruleset/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example \
coreruleset/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
$ sudo cp coreruleset/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example \
coreruleset/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
Include
directives below
in the /etc/angie/modsecurity/rules.conf
file:Include /var/lib/angie/modsecurity/coreruleset/crs-setup.conf
Include /var/lib/angie/modsecurity/coreruleset/rules/*.conf
Additional Information#